Privacy policy

1. Privacy at a glance

General information
The following information provides an overview of what happens to your personal data when you use this website. Personal data includes all data with which you can be personally identified. Full information on privacy can be found in the privacy policy below.

Data collection on this website

Who is responsible for collecting data on this website?

Data processing on this website is done by the website operator. You can find their contact details in the section entitled “Information about the controller” in this privacy policy.

How do we collect your data?
Firstly, your data is collected when you give it to us. This could be data that you enter in a contact form, for example.
Your data is also collected by our IT systems when you visit the website, either automatically or following your authorization. This primarily includes technical data (e. g. browser, operating system, or the time you visited the website). This data is collected automatically as soon you access this website.

What do we use your data for?
Some of the data is collected to ensure smooth access to the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You always have the right to request for free information about the origin, recipient, and purpose of your personal stored data. You also have the right to request that this data be corrected or deleted. If you have given your consent to the processing of your data, you may revoke this for the future at any time. You also have the right to request limited processing of your personal data under certain circumstances. In addition, you have the right to raise a complaint with the responsible supervisory authority.
If you have any further questions about privacy, you can contact us at any time.

Analysis tools and tools of third-party providers

When you visit this website, your browsing behavior is statistically analyzed. This is done using analysis programs.
Detailed information on these analysis programs can be found in the privacy policy below.

 

2. Hosting

Hosting in Germany
This website is hosted in Germany via an external provider (host). Personal data collected on this website is stored on the host’s servers. This data may include IP addresses, contact enquiries, meta and communication data, contract data, contact data, names, website access, and other data generated via a website.
The host is used for the purposes of fulfilling the contract with our potential and existing customers (Article 6 (1)(b) GDPR) and in the interest of providing our online service securely, quickly, and efficiently using a professional provider (Article 6(1)(f) GDPR).
Our host will only process your data where this is necessary for the performance of their service obligations and in compliance with our instructions regarding this data.
We use the following technical service provider: Aleks & Shantu GmbH, Seelower Str. 4, 10439 Berlin, www.aleksundshantu.com.
The website is hosted on a server in Germany via hostNET Medien GmbH, Osterdeich 107, 28205 Bremen.

 

Concluding a data processing contract

To ensure that data is processed in compliance with privacy laws, we have concluded a data processing contract with our technical service provider.

 

3. General and obligatory information

Privacy
The operator of these sites takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data includes all data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purposes this happens.
It is important to note that the transfer of data online (e. g. when communicating by email) can have security flaws. It is not possible to protect data completely from attacks by third parties.

 

Information on the controller

The controller, responsible for data processing on this website is:
HABA Sales GmbH & Co. KG
August-Grosch-Str. 28-38,
96476 Bad Rodach

or by email: internet(at)haba.de and the reference: Privacy
Personally liable partner: HABA Administration GmbH, August-Grosch-Str. 28-38, 96476 Bad Rodach, Germany, Commercial Register Counrt Coburg, HRB 4746, represented by Managing Directors Heike Habermaass, Sabine Habermaass and Tim Steffens.

The controller is the natural or legal person who decides on their own or with others on the purposes and means of processing personal data (e. g. names, email address, etc.).

 

Storage period

If no specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for which it was processed no longer exists. If you submit a justified deletion request or revoke permission for your data to be processed, your data will be deleted provided we have no other legally permitted grounds for storing your personal data (e.g. storage periods under fiscal or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

 

Legally required data protection officer

We have appointed a data protection officer for our company.
HABA Sales GmbH & Co. KG
Datenschutzbeauftragter
August-Grosch-Straße 28-38
96476 Bad Rodach
or by email: internet(at)haba.de und dem Betreff: Privacy

 

Information on transferring data to the US

Our website uses some tools from companies located in the US. When these tools are active, your personal data may be sent to the US server of the company in question. It is important to note that the US is not a secure third country as defined in EU privacy law. US companies may be obligated under law to give personal data to security authorities without you as the person concerned being able to take any legal steps against this. The possibility cannot be excluded that US authorities (e.g. intelligence services) may process, evaluate, and store your data that is on US servers for monitoring purposes.
Revocation of your permission for your data to be processed

 

Many data processing procedures are only possible with your express permission. You can revoke at any time permission previously granted. The legitimacy of any data processing that occurred before the revocation is not affected by the revocation.
Right of objection to data collection in specific cases and to direct marketing (Article 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ARTICLE 6 (1)(E) OR (F), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION; THIS ALSO APPLIES TO ANY PROFILING BASED ON THOSE PROVISIONS. DETAILS OF THE RELEVANT LEGAL BASIS OF DATA PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU RAISE A COMPLAINT, YOUR RELEVANT PERSONAL DATA WILL NO LONGER BE PROCESSED, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR RELEVANT PERSONAL DATA FOR THE PURPOSES OF THIS KIND OF MARKETING; THIS ALSO APPLIES TO PROFILING WHERE IT IS CONNECTED WITH THIS DIRECT MARKETING. IF YOU RAISE AN OBJECTION, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).

 

Right to raise a complaint with the responsible supervisory authority

In the event of breaches of GDPR, those affected have the right to raise a complaint with a supervisory authority, particularly in the member state of their principal place of residence, workplace or the location of the alleged breach. The right to raise a complaint is without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision
P.O. Box 606
91511 Ansbach
Germany
Telephone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de
If you want to raise a complaint, you can use the supervisory authority’s online complaint form (available at: https://www.lda.bayern.de/de/beschwerde.html)

 

Right to data portability

You have the right to have data that we have automatically processed on the basis of your permission or in performance of a contract sent to you or a third party in a commonly used, machine-readable format. If you request the direct transmission of data to another controller, this will only happen insofar as it is technically feasible.

 

SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send us as the website operator, this website uses SSL / TLS encryption. You can see that the link is encrypted when the browser’s address field changes from “http://” to “https://” and the padlock symbol appears in the address bar.
If the SSL or TLS encryption is activated, data that you send to us cannot be read by third parties.

 

Information, deletion and amendments

Within the framework of current legal provisions, you have the right to request information at any time about your stored personal data, its origin, and the purposes for which it is processed, and a right to request the deletion or amendment of this data. If you have any further questions about personal data, you can contact us at any time.

 

You also have the right to request limited processing of your personal data. You can contact us about this at any time. The right to restriction of processing occurs in the following cases:

  • If you are disputing the accuracy of your personal data stored with us, we generally need time to review this. While we are conducting the review, you have the right to request limited processing of your personal data.
  • If your personal data has been / is being processed wrongfully, you can request limited processing of your data instead of its deletion.
  • If we no longer need your personal data but still need it for the exercise, defense or enforcement or legal claims, you have the right to request limited processing of your data instead of its deletion.
  • If you have filed a complaint under Article 21(1) GDPR, your and our interests must be weighed. If it cannot be established which interests take priority, you have the right to request limited processing of your personal data.
  • If you have restricted the processing of your personal data, this data (except for its storage) may only be processed with your permission or for the enforcement, exercise or defense of legal claims or to defend the rights of another natural or legal person or for reasons of public interest in the European Union or a member state.

 

4. Data collection on this Website

Cookies

Our websites use cookies. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them or until your browser automatically deletes them.

Some cookies from third-party companies may also be stored on your device if you access our website (third-party cookies). These enable us or you to use certain services by the third-party company (e.g. cookies to process payment services).

Cookies have different functions. Many cookies are necessary for technical reasons, as certain website functions would not function without them (e.g. the basket function or videos). Other cookies are used to analyze user behavior or to display marketing.

Cookies that are necessary for electronic communication (essential cookies) or for the provision of specific functions requested by you (functional cookies, e.g. for the basket function) or for the optimization of the website (e.g. cookies that measure the online audience) are stored on the basis of Article 6(1)(f) GDPR provided that no other legal basis is stated. The website operator has a justified interest in the storage of cookies to ensure the optimized, smooth technical provision of their services. If permission to store cookies was requested, the relevant cookies will be stored exclusively on the basis of this permission (Article 6(1)(a) GDPR); the permission can be revoked at any time.

You can adjust your browser settings so that you are informed about the placement of cookies and only permit cookies on a case-by-case basis, do not accept cookies for specific cases or in general, and that cookies are automatically deleted when the browser is closed. Deactivating cookies may restrict the functionality of this website. If cookies are used by third-party companies or for analysis purposes, we will inform you separately in accordance with this privacy policy and request your permission if necessary.

 

Cookie permission with Borlabs cookie

Our website uses the Borlabs cookie consent technology; this gathers your consent to store specific cookies in your browser and documents this in line with privacy regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (referred to hereinafter as Borlabs).

When you access our website, a Borlabs cookie will be stored in your browser, in which your permissions or revocation of these permissions is stored. This data is not passed onto the provider of Borlabs Cookie.
The collected data is stored until you request its deletion or Borlabs Cookie deletes it or until the purpose for the data storage has been fulfilled. Mandatory legal storage periods remain unaffected. Details on Borlabs Cookie data processing can be found on https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Borlabs cookie consent technology is used to collect the legally required permissions for the use of cookies. The legal basis for this is Article 6(1) sentence 1 (c) GDPR.

 

Server log files

The website provider automatically collects and stores information in server log files that your browser automatically sends to us. This includes:

  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) GDPR. The website operator has a justified interest in the smooth technical provision and optimization of their website, and this is why server log files need to be gathered.

 

Contact form

If you send us requests using the contact form, your details from the request form, including the contact data provided therein, will be stored by us for the purposes of processing the request and for any subsequent questions. We do not pass on this data without your permission.

This data is processed on the basis of Article 6(1)(b) GDPR, provided that your request is connected to the performance of a contract or to take steps prior to entering into a contract. In all other cases, processing is based on our justified interest in the effective processing of requests sent to us (Article 6(1)(f) GDPR) or on your permission (Article 6(1)(a) GDPR), provided this was requested.
The data entered by you in the contact form remains with us until you request its deletion, revoke your permission for its storage or until the purpose for the data storage has been fulfilled (e. g. once your request has been fully processed). Mandatory legal requirements, particularly storage periods, remain unaffected.

 

Requests by email, phone or fax

If you contact us by email, phone or fax, your enquiry will be stored and processed by us, including all resulting personal data (name, enquiry), for the purposes of processing your request. We do not pass on this data without your permission.
This data is processed on the basis of Article 6(1)(b) GDPR, provided that your request is connected to the performance of a contract or to take steps prior to entering into a contract. In all other cases, processing is based on our justified interest in the effective processing of requests sent to us (Article 6(1)(f) GDPR) or on your permission (Article 6(1)(a) GDPR), provided this was requested.

Data sent to us by you in contact requests remains with us until you request its deletion, revoke your permission for its storage or until the purpose for the data storage has been fulfilled (e. g. once your request has been processed in full). Mandatory legal requirements, particularly legal storage periods, remain unaffected.

5. Social Media

Safe Sharing

The content on this website can be shared in accordance with privacy regulations on social networks including Facebook, Twitter, etc. and HABA profiles can be visited using direct links to the channels. This site only creates a direct contact between the networks and the users when the user actively clicks on one of these buttons. Clicking on the button constitutes permission as defined in Article 6(1)(a) GDPR. This permission can be revoked at any time with future effect.
This website does not automatically transfer user data to the operator of these platforms. If the user is registered on social networks, using the social media buttons for Facebook, Twitter, etc. will cause an information window to pop up, in which the user can confirm the text before sending it.
Our users can share the content of this website in accordance with privacy regulations on social networks without a full browsing profile being created by the operators of the networks.

 

6. Analysis tools and Marketing

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager does not create any user profiles, store any cookies, or conduct any independent analyses. It is only used for the administration and deployment of the tools integrated using it. However, Google Tag Manager does collect your IP address, which may be sent to Google’s parent company in the United States.
The legal basis for the use of Google Tag Manager is Article 6(1)(f) GDPR. The website operator has a justified interest in the simple, rapid integration and management of different tools on its website. Provided that relevant permission was requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPE; permission can be revoked at any time.

 

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of visitors to the website. To do this, the website operator receives a range of usage data, e.g. page downloads, duration of session, operating systems, and origin of the user. Google summarizes this data in a profile that is then allocated to the user or their device.
Google Analytics uses technologies that enable the user to be recognized for the purposes of analyzing their user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the US and stored there.
The legal basis for the use of this analysis tool is Article 6(1)(f) GDPR. The website operator has a justified interest in the analysis of user behavior in order to optimize their online service and their marketing. Provided that relevant permission was requested (e.g. permission for the storage of cookies), processing is done exclusively on the legal basis of Article 6(1)(a) GDPR; permission can be revoked at any time.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

IP anonymization

We have activated the IP anonymization function on this website. This means that within European Union member states or in other signatory states to the Agreement on the European Economic Area, Google abbreviates your IP address before sending it to the US. In exceptional cases only, the full IP address will be sent to a Google server in the US and abbreviated there. Google will use this information to evaluate your use of the website and compile reports on website activity for the website operator, and provide other services related to the use of the website and the Internet for the website operator. The IP address sent by your browser as part of Google Analytics is not combined with other data by Google.

 

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

Storage period

Data stored by Google at a user and occasion level that is linked with cookies, user identification (e.g. user ID), or advertising IDs (e. g. double-click cookies, Android advertising ID), are anonymized or deleted after 14 months. Details on this can be found using the following link: https://support.google.com/analytics/answer/7667196?hl=de

 

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to play adverts in the Google search engine or on third-party websites if the user enters specific search terms on Google (keyword targeting). In addition, targeted adverts may be played using user data held by Google (e.g. location data and interests) (target group targeting). As the website operator, we evaluate this data by analyzing, for example, which search terms have resulted in our adverts being played and how many adverts have led to corresponding clicks.
The legal basis for the use of Google Ads is Article 6(1)(f) GDPR. The website operator has a justified interest in the most effective marketing possible of their products and services.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g. clicks on specific products), in order to assign you to specific advertising target groups and then show you suitable advertising messages when you visit other online sites (remarketing / retargeting).
In addition, the advertising target groups created with Google Remarketing can be linked with other cross-device Google functions. This enables personalized advertising messages relating to your interests, based on your previous usage and browsing behavior on a device (e.g. mobile) to be adapted to you and shown on one of your other devices (e.g. tablet or PC).
If you have a Google account, you can opt out of personalized advertising using the following link: https://www.google.com/settings/ads/onweb/.

The legal basis for the use of Google Remarketing is Article 6(1)(f) GDPR. The website operator has a justified interest in the most effective marketing possible of their products. Provided that relevant permission was requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; permission can be revoked at any time.
Further information and privacy regulations can be found in Google’s privacy policy under: https://policies.google.com/technologies/ads?hl=de.

 

Target group creation with customer comparison

To create target groups, one of the tools we use is Google Remarketing’s customer comparison. To do this, we send specific customer data (e.g. email addresses) from our customer lists to Google. If the customers are Google users and are logged into their Google account, suitable advertising messages will be displayed within the Google network (e.g. on YouTube, Gmail or in the search engine).

 

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Using Google Conversion Tracking, we and Google can identify whether the use has carried out specific actions. For example, we can evaluate which buttons on our website have been regularly clicked on and which products are regularly viewed or purchased. This information is used to create conversion statistics. This tells us the total number of users who have clicked on our adverts and which actions they have carried out. We do not receive any information with which we could personally identify the user. Google uses cookies or similar recognition technology for the identification.
The legal basis for the use of Google Conversion Tracking is Article 6(1)(f) GDPR. The website operator has a justified interest in the analysis of user behavior in order to optimize their online service and their advertising. Provided that relevant permission was requested (e.g. permission for the storage of cookies), processing is done exclusively on the legal basis of Article 6(1)(a) GDPR; permission can be revoked at any time.
More information on Google Conversion Tracking can be found in Google’s privacy regulations: https://policies.google.com/privacy?hl=de.

 

7. Newsletter

Newsletter data

By giving your permission, you can subscribe to our newsletter, in which we inform you about our current interesting offers. Some goods and services from across our group companies may also be advertised in the HABA newsletter if these match your interests in our products. Our group companies include: Heldbergs GmbH & Co. KG, Project GmbH, HABA Sales GmbH & Co. KG including the brands HABA, JAKO-O, FIT-Z, Qiéro!, JAKO-O Familystore and Wehrfritz. To assist our email dissemination, we use the services of Emarsys – emarsys eMarketing Systems AG, Märzstrasse 1, 1150 Vienna.
We use the double opt-in procedure for our newsletter registrations. This means that, after registration, we send an email to the email address you provide, in which we ask you to confirm that you would like to receive the newsletter. We store the IP addresses you use and the time of your registration and confirmation. The purpose of the procedure is to verify your registration and identify any potential misuse of your personal data.
The only information you need to provide in order to receive a newsletter is your email address. Specifying other, separately selected data is voluntary and is used to address you personally. After receiving your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis for this is Article 6(1)(a) GDPR.
You can revoke your permission to be sent the newsletter at any time and unsubscribe from the newsletter. You can state your revocation by clicking on the link provided in every newsletter, by sending an email to internet(at)haba.de with the reference “Privacy” or by writing to HABA Sales GmbH & Co. KG, Datenschutz, August-Grosch-Strasse 28-38, 96476 Bad Rodach.
Independently of your registration and receipt of our email newsletter, as a HABA customer we will occasionally send you emails informing you of similar products and services in the HABA range which you might find interesting. We also enable you to submit product reviews or take part in surveys. This information is sent to you based on the legal authorization under Section 7(3) German Unfair Competition Act. You can opt out of receiving further messages at any time without incurring any costs beyond the basic cost of transmission. You can opt out by sending a message to shop(at)haba.de.

 

8. Plugins and tools

Google Web Fonts (lokales Hosting)

These website uses web fonts provided by Google to ensure the standardized display of characters. Google Fonts is installed locally. No connection to Google’s servers take place.
Further information on Google web fonts can be found on https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.